[messaging] Short Auth Strings
bascule at gmail.com
Fri Jan 31 14:23:27 PST 2014
On Fri, Jan 31, 2014 at 11:17 AM, Daniel Kahn Gillmor <dkg at fifthhorseman.net
> On 01/31/2014 12:24 PM, Trevor Perrin wrote:
> > In practice, SAS are mostly used by phone
> > protocols, since users can speak the SAS to each other (assuming voice
> > impersonation is hard).
> Do we have backing for the assumption that "voice impersonation is
My VOICE is my PASSPORT verify ME? ;)
> This assumption seems like the Achilles heel of these schemes,
> and i wonder how much work has been done to test it.
What about simultaneous video and voice impersonation?
Indeed, Wikipedia suggests that the NSA has built systems to attack this
> problem 8 years ago
If your threat model includes Nation State Adversaries, I think all bets
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Messaging